curl / Docs / Vulnerability table / 5.8 vulnerabilities

Vulnerabilities in curl 5.8

curl version 5.8 was released on May 5 1999

It has the following 13 published security problems.

SFlawFirstLast
LCVE-2022-35252: control code in cookie denial of service4.97.84.0
LCVE-2022-27776: Auth/cookie leak on redirect4.97.82.0
MCVE-2022-27774: Credential leak on redirect4.97.82.0
LCVE-2020-8284: trusting FTP PASV responses4.07.73.0
MCVE-2016-9586: printf floating point buffer overflow5.47.51.0
HCVE-2016-8615: cookie injection for other servers4.97.50.3
MCVE-2016-8618: double free in curl_maprintf5.47.50.3
HCVE-2016-5419: TLS session resumption client cert bypass5.07.50.0
HCVE-2016-0754: remote filename path traversal in curl tool for Windows4.07.46.0
HCVE-2015-3153: sensitive HTTP server headers also sent to proxies4.07.42.0
MCVE-2014-3613: cookie leak with IP address as domain4.07.37.1
HCVE-2013-1944: cookie domain tailmatch4.77.29.0
HCVE-2003-1605: Proxy Authentication Header Information Leakage4.57.10.6

Further details

CVE data for 5.8 provided as JSON.

Changelog for curl 5.8

See vulnerability summary for the previous release: 5.7.1 or the subsequent release: 5.9